cf169b2a9e
Adds tools/ verifier scripts that exercise upstream RNS / LXMF and confirm (or correct) the SPEC.md callouts: - §2.3 HEADER_1→HEADER_2 conversion: verified by stubbing Transport.transmit and seeding a multi-hop path_table entry. - §4.3 app_data 3-element variant: producer in LXMF 0.9.6 actually emits 2 elements only (supported_functionality at LXMRouter.py:999 is dead code); parser tolerates 1/2/3-element + raw UTF-8. - §7.1 path? always-precedes claim: actually conditional on not has_path() AND method==OPPORTUNISTIC. - §7.4 ratchet ring default 8: actually Destination.RATCHET_COUNT = 512 at RNS/Destination.py:85. Also fixes a documentation bug in §1.2: the rnstransport.path.request row of the well-known-hash table had the dest-hash prefix where the name_hash should be (correct name_hash is 7926bbe7dd7f9aba88b0). Seeds test-vectors/identities.json (Alice + Bob) with a regenerator (tools/regen_identities.py) and verifier (tools/verify_destination_hash.py) covering §1.1 and §1.2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| identities.json | ||
| README.md | ||
Test vectors
Known-good byte sequences that any Reticulum-compatible implementation should be able to round-trip in both directions.
Status
Partially populated against RNS 1.2.0:
- ✅
identities.json— Alice + Bob identity vectors (regenerator:../tools/regen_identities.py, verifier:../tools/verify_destination_hash.py). - ⏳
announces.json— not yet populated. - ⏳
lxmf.json— not yet populated. - ⏳
links.json— not yet populated.
See ../agent.md §5 and ../todo.md for the remaining bootstrap task list.
Format (proposed)
Each vector lives in a per-domain JSON file, e.g.:
identities.json— Alice + Bob withencPriv,sigPriv,ratchetPriv(hex), plus the derivedpublicKey,identityHash,destinationHashforlxmf.deliveryannounces.json— full hex of a signed announce packet, plus the inputs that produced it (display_name, ratchetPub, etc.)lxmf.json— sender + recipient identity, plaintext, expected ciphertext byteslinks.json— LINKREQUEST + LRPROOF + derived session keys
Each entry should include:
{
"description": "Alice's lxmf.delivery announce with ratchet, display_name='AliceTest'",
"inputs": { ... },
"expected_bytes_hex": "...",
"rns_version_at_generation": "1.2.0",
"generator_script": "tools/regen_announces.py"
}
The generator_script is the file in ../tools/ that, when run against upstream RNS, regenerates expected_bytes_hex. Keeping the generator alongside the vector lets a future contributor verify the vector still matches a newer upstream RNS.
What needs to round-trip
For the spec to claim "an implementation that passes all test vectors interoperates with upstream", the vectors must cover:
- Identity construction — given the same private-key inputs, derive the same public key, identity hash, destination hash.
- Announce build + parse — build a signed announce; verify the same bytes come back through upstream's parser; verify upstream-built announces parse correctly.
- Token encrypt + decrypt — bidirectional, with both ratchet and long-term keys.
- Opportunistic LXMF — full plaintext → ciphertext → plaintext round-trip, signature valid both ways.
- Link handshake — LINKREQUEST built by client A, LRPROOF computed by upstream as B, both arrive at the same
link_idand session keys. - Link-delivered LXMF — body packed by client, decrypted + parsed by upstream.
A separate vector set for FAILURE cases is also useful: malformed announces, expired ratchets, mismatched signatures. An implementation should reject those as a regression-prevention measure.